################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Oct 11 04:42:04 2021
Date Range Processed: yesterday
( 2021-Oct-10 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: h2361197.stratoserver.net
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans:Unbans
ssh: [ 78:78 ]
---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------
A total of 10 sites probed the server
Requests with error response codes
400 Bad Request
null: 16 Time(s)
/: 5 Time(s)
/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh: 3 Time(s)
mstshash=Administr: 2 Time(s)
/.env: 1 Time(s)
/.well-known/security.txt: 1 Time(s)
/c/version.js: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/robots.txt: 1 Time(s)
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
500 Internal Server Error
/: 48 Time(s)
/.env: 2 Time(s)
/.well-known/security.txt: 2 Time(s)
/ecp/Current/exporttool/microsoft.exchange ... ool.application: 2 Time(s)
/robots.txt: 2 Time(s)
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php: 2 Time(s)
//login_sid.lua: 1 Time(s)
/?XDEBUG_SESSION_START=phpstorm: 1 Time(s)
/Autodiscover/Autodiscover.xml: 1 Time(s)
/GponForm/diag_Form?style/: 1 Time(s)
/_ignition/execute-solution: 1 Time(s)
/actuator/health: 1 Time(s)
/api/jsonws/invoke: 1 Time(s)
/bag2: 1 Time(s)
/c/version.js: 1 Time(s)
/console/: 1 Time(s)
/favicon.ico: 1 Time(s)
/flu/403.html: 1 Time(s)
/gemini-iptv/get_prc.php: 1 Time(s)
/gemini-iptv/vod.json: 1 Time(s)
/index.php?s=/Index/\x5Cthink\x5Capp/invok ... HelloThinkPHP21: 1 Time(s)
/mifs/.;/services/LogService: 1 Time(s)
/owa/auth/logon.aspx: 1 Time(s)
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f: 1 Time(s)
/owa/auth/x.js: 1 Time(s)
/stalker_portal/c/version.js: 1 Time(s)
/stream/live.php: 1 Time(s)
/streaming/clients_live.php: 1 Time(s)
/system_api.php: 1 Time(s)
/wp-content/plugins/wp-file-manager/readme.txt: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 551 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
17.967K Bytes accepted 18,398
17.967K Bytes sent via SMTP 18,398
======== ==================================================
1 Accepted 100.00%
-------- --------------------------------------------------
1 Total 100.00%
======== ==================================================
2 4xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 4xx Rejects 100.00%
======== ==================================================
65 Connections
41 Connections lost (inbound)
65 Disconnections
1 Removed from queue
1 Sent via SMTP
5 Hostname verification errors (FCRDNS)
---------------------- Postfix End -------------------------
--------------------- sendmail-largeboxes (large mail spool files) Begin ------------------------
Large Mailbox threshold: 40MB (41943040 bytes)
Warning: Large mailbox: mailman.gz (1747199807)
Warning: Large mailbox: mailman (235703599967)
---------------------- sendmail-largeboxes (large mail spool files) End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:
undef: 349 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/ploop33257p1 394G 242G 132G 65% /
none 4.0G 0 4.0G 0% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################